Overview

overview

10

Static

static

3

JaffaCakes...58.exe

windows7-x64

10

JaffaCakes...58.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    96s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2025, 15:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_f16ef2c3f71f856098faf2a12ebf7d58.exe

  • Size

    1.6MB

  • MD5

    f16ef2c3f71f856098faf2a12ebf7d58

  • SHA1

    5f4a0ff4c8719c7e9cba8dc9df60c5fb3c301879

  • SHA256

    1243f5ee305134d58fbc631d13721edd2a3f4887a6f6153a207dbfb357c1151d

  • SHA512

    b7115cd3326612af0e43e487d2cf75d055cc8392c925b18d1a6784077f7d5a5afaeb43cbc62296cd46c78c1334e65416a121db101635e096ea92eb17d02b94bf

  • SSDEEP

    24576:2IGD/tkRGc/bJ3q4rT4MRdMOkWCn5SHH6QC7djRaxFcPxX:ElkRGc964v4MR3Q5jIxOP

Score
10/10
darkcometid-01defense_evasiondiscoverypersistencerattrojan

Malware Config

Extracted

Family

darkcomet

Attributes
  • gencode

  • install

    false

  • offline_keylogger

    false

  • persistence

    false

rc4.plain

Extracted

Family

darkcomet

Botnet

ID-01

C2

213.190.57.17:4411

Mutex

DC_MUTEX-H8BKTPK

Attributes
  • InstallPath

    Windupdt\winupdate.exe

  • gencode

    b�VUJ6rG.XLP

  • install

    true

  • offline_keylogger

    true

  • password

    wtf?end

  • persistence

    true

  • reg_key

    winupdater

rc4.plain

Signatures

  • Darkcomet

    DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    trojanratdarkcomet
  • Darkcomet family
    darkcomet
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Sets file to hidden 1 TTPs 2 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    defense_evasion
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Drops desktop.ini file(s) 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 24 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 48 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    defense_evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f16ef2c3f71f856098faf2a12ebf7d58.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f16ef2c3f71f856098faf2a12ebf7d58.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\explorer.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\explorer.exe
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • Drops desktop.ini file(s)
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\Microsoft.NET\Framework\v2.0.50727\explorer.exe" +s +h
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2604
        • C:\Windows\SysWOW64\attrib.exe
          attrib "C:\Windows\Microsoft.NET\Framework\v2.0.50727\explorer.exe" +s +h
          4⤵
          • Sets file to hidden
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:2052
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /k attrib "C:\Windows\Microsoft.NET\Framework\v2.0.50727" +s +h
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2632
        • C:\Windows\SysWOW64\attrib.exe
          attrib "C:\Windows\Microsoft.NET\Framework\v2.0.50727" +s +h
          4⤵
          • Sets file to hidden
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Views/modifies file attributes
          PID:2428
      • C:\Windows\SysWOW64\Windupdt\winupdate.exe
        "C:\Windows\system32\Windupdt\winupdate.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3044
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /k ping 127.0.0.1 -n 5 > NUL&del "C:\Windows\Microsoft.NET\Framework\v2.0.50727\explorer.exe"
        3⤵
        • System Location Discovery: System Language Discovery
        • System Network Configuration Discovery: Internet Connection Discovery
        • Suspicious use of WriteProcessMemory
        PID:1080
        • C:\Windows\SysWOW64\PING.EXE
          ping 127.0.0.1 -n 5
          4⤵
          • System Location Discovery: System Language Discovery
          • System Network Configuration Discovery: Internet Connection Discovery
          • Runs ping.exe
          PID:2764
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2680
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed8aa3f01590688b19b7cc9e79103540

    SHA1

    c1060942f587a0ee4a3b1c4331f16dd58cb13d1b

    SHA256

    8e2c237213265278f19a512591f1c83907cae9763d448ede660c07057f8ce9a7

    SHA512

    5c9cc5da8f371ccfab9d20a763f299d9a515973f1d79bdf283ab7303799412dafaa18c7eda4275768bac434b9c6370779c1878052a4aec4b5a1aa8227e4bb321

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e74d34583025f120991e77be1d69979f

    SHA1

    58213a5e338bd314a7177d020f2990cdeeaff81f

    SHA256

    12317b3b4e669298fe9ef5496e12d82018d2424c7c3df8e422bb1251193026f2

    SHA512

    c7e9ed5eb5f17483a3db99f274595320b1f75b75829ae5d1d3a95280a94c49e605e812f6408ba079ee11ff40504ef151d6342d2782fa5801484d10602a432cf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    baff02c0829dde463c854dddc9ec8d50

    SHA1

    6572580554218a0887bfa16819586becea4b3d67

    SHA256

    ef2e744d4d85f5433e28fb2e8431b54aa231b82fa1bdb4cb9e3678ef49854f3e

    SHA512

    9bc9d355e2b02e8570e39aa38057398bceb531546717f7acc6b57c5e58c79c56d2331d63d7825c0c91b3b3e864af8a05d489b766c7e32c48634c3eacea752860

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b68f35d9900f32e50d4c36f4fc4628fb

    SHA1

    5667de979368c128718147966fbbd70f2fe6c51a

    SHA256

    e8ca84587bb88b17777e926344d90a3256bd62518c6c3f41118ae262d6bce721

    SHA512

    da0187e973e8529820a3fbfca72c8c2dd913e3db076cc5875b4b12b5bdc60da8b542a26eec994ed736fad6bc968efdb0b56909a66d647065d9fdca8a39da4066

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40fd6ab0e79341adcf515c1a09fd8f6f

    SHA1

    5bc5bed1c07949092cdc0c9de478165c82dc6878

    SHA256

    4a58bd4020c0596015a14f1a698a2e1e13a54cbd5dfeff590743bf3ae15e263b

    SHA512

    940b4ca413e6c184c2ed68585cbbd4de1cf6ec947dd030832d4c12846863748f2b743c3d4e26f988eda0d05acc340b68384c13f480240f74230bf3e782fc3250

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    717c9f6205a15effebaf5c9054f0f4da

    SHA1

    b8a8f891ac369ecf0772ac15a09063502c6958db

    SHA256

    3ae93ec6d9d6b78333dd09df8505b09c81e9b410758cf89627c98819ea8b150b

    SHA512

    0b41652dac7a5d502f627e0e7f98781b7282d596f0026ce70848b869d9d56f298674e9cf5008d663a5729dff5cad8ab56fea009b9db9ccc4efc94276c21f5b17

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aad35a4ca313bbab05b5795af245b908

    SHA1

    518eb88ffbfbe4cebca06c012790d0a16a254640

    SHA256

    0d460d41416a37d077b2af1c08f1480451b26de94b07a0ccc0f67474f4ff0da0

    SHA512

    9d9567c9625de14a2dd9f852aafddb06f96c30244673878685c35bf0ae22b2f83d79919f1fe652113680ea3d344ce3c2c868a8e2e1f78b6ffaec3fc81b964f96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23789fd68010e830ade9574d933de55d

    SHA1

    421ff10e9deba0c736c153b4e056cf10ee904f31

    SHA256

    785952a061276f63014faa6f8ba6a4c3753d60a55b4faadd680a6b8fd71adb65

    SHA512

    8861e819317f00b0224b80d3c3ac2558fb3d0f047b7947df344d45b57a8508a104cf5327babc0de39fc6a164409692c4d13fef0c718e4e142bdc9c7e55f6c6f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b07921f233b33d0c108872a99f1b7c2

    SHA1

    24e4f7d66f39276f68ac718e88bce872df46d438

    SHA256

    25d1116c3d4f899c8a55d809f0271c509bee4b36f5f1b985a48a44fdae757b29

    SHA512

    b7292da1ffdf9e6954f0841c27cd8bbb73cd2c48e488505747c6e17beb36fa8302032b309f3306716a0c2c5936cb362ea14dbd3b699973b22615d271a4540088

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8462cc8f9abfb7d3d832343f0d977db

    SHA1

    70315941d1fca4ab815f6b584d5d7ea6b54463c3

    SHA256

    a1dbea1fd88becc55bc0a51775d8a6ed53e069eb98615574a4ef3853a86682a5

    SHA512

    c8f482a8c06617f5f43f2afeb921c7c9e3a07383181eacdcd1f3c21965d94f2038dcd1267d55f21159d182b670ffe07fe6cfa1a8c1e7626fe5e377ce8040aab0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    858e43a543e687830920b77b26e8e80e

    SHA1

    eda8855a47f3e55ec2d131004591c8e843512660

    SHA256

    0b6577e0eed73e8e087509d246033fb0a915f9115926ddbbca9f3bbd2a06afdb

    SHA512

    12a3b56922f2c0e62ce27959f6c3bf941091560e170057631a3573075f094c38c0bc1d0623274191e8713f1ec4dd7bf2799103a17baacaa2128f0384776ec693

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b13a3f0a2a25a8683f823d00755c0d1

    SHA1

    9e0f01e71c59cde0dff8e1d461d2ebb3652b43e4

    SHA256

    6eb82375b8752553d3c893c1f177fdb6ee36f0fcdfcfd26f42c2e29e21b995c4

    SHA512

    430fcb69065bc045102ddafa9c1535dd12e54b53510f9448966725e99c3730d7c3ece283b561124951fbc06e7df23812fca21252703cd04e78f324c485bf79aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61f7c5f3b709bf92b1366537a6ff7233

    SHA1

    7343fd0314aee52f18ec8c9abab320439fb4e434

    SHA256

    9c1a126c8c7921d02da9c353cc737d279144859f1a243ef04a3c014b30e7d14f

    SHA512

    caf34eeedaafbfba895fed7aefd3e4f63fa8502710411d5c570b7f59916e696798e0aea2ba8d2c12c3afe6850e214b81f0e0523815076f67ce80a22f64f48a73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a1509ac43c44c60f2d0debe71819cb2

    SHA1

    f357f637216d60ddc551e5ce4f537ce294f7da3a

    SHA256

    f41d4b706f0b1ae1732255a0ff501de36a2a86ce5073c6da3dbcdefd8ad9e76d

    SHA512

    009a316fe5df40881b63fde93806601ddf6a90dd4405041e2d5cbe02cc32872d76bc1f943df1373a6b82c5853466b0734bdcb26e983e79120e71abf7f4e1abf6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b6ea11d8ebed42043621889083fa126

    SHA1

    67e004f1cf217c592c109e893093980ec8f3c0b7

    SHA256

    8729d7527c59a87d8ed98310df45c9c14f7819327ba883e9a0b2d1b34c6385c4

    SHA512

    c493945d4741448e8da8cd3a99011283a431650f7af7f8a5b6faad9e90a3c202b059dbfa4d0f64fad74e85af26196a6f423f192176d597fc834782187423f965

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d1dd9631c9003e5b4d24b2b627c8bfe

    SHA1

    5c3420537c0524047326ba34e40122a53bd62ad7

    SHA256

    ee891f8f4add59dcc0d7b61396b98ace672950d1550aaa2195291552a9ed2309

    SHA512

    9a8a404d0928781d1dc0cbc99ca4527f7a57b3f2850329558ddd03aad980c41f31101c60894d38c59e9d87e05b6481b4261697db19c59bc5721e4fd763e99fd3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9E25.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9E38.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\WEB SLICE GALLERY.URL
    Filesize

    226B

    MD5

    ad93eaac4ac4a095f8828f14790c1f8c

    SHA1

    f84f24c4ca9d04485a0005770e3ef1ca30eede55

    SHA256

    729111c923821a7ad0bb23d1a1dea03edbf503cd8b732e2d7eb36cf88eaa0cac

    SHA512

    f561b98836233849c016227a3366fcf8449db662f21aecd4bd45eb988f6316212685ce7ce6e0461fb2604f664ed03a7847a237800d3cdca8ba23a41a49f68769

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a9125511df2e.jpg
    Filesize

    48KB

    MD5

    9db04f7fe2b56a6edbf3e4cbed6398b0

    SHA1

    a36c7284ce9f6c939898964cd794679b61d4f8f5

    SHA256

    13e4c19fb330ae3b9d7d1ad66f99d51854d1620de486e3e81c537b85a7ab7a3b

    SHA512

    52f51077f2950a5ab2e152710750abb4d4850c00bd184c0dabe2d80da3559522708455f21c12541fdf5ae01e064c3c2ca45a376150df01cf1166f2c720182c4c

    Download Submit

  • \Windows\Microsoft.NET\Framework\v2.0.50727\explorer.exe
    Filesize

    1.1MB

    MD5

    34aa912defa18c2c129f1e09d75c1d7e

    SHA1

    9c3046324657505a30ecd9b1fdb46c05bde7d470

    SHA256

    6df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386

    SHA512

    d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98

    Download Submit

  • memory/2532-2-0x00000000748E0000-0x0000000074E8B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2532-4-0x0000000000AC0000-0x0000000000AC2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2532-30-0x00000000748E0000-0x0000000074E8B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2532-0-0x00000000748E1000-0x00000000748E2000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-1-0x00000000748E0000-0x0000000074E8B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2680-5-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2680-6-0x0000000000590000-0x0000000000591000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2680-148-0x0000000000590000-0x0000000000591000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2740-29-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2740-48-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2740-41-0x0000000003ED0000-0x0000000003ED2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2740-32-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2740-31-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2740-20-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2740-21-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2740-23-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2740-24-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2740-25-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2740-27-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2740-22-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2740-18-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2740-17-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download

  • memory/2740-19-0x0000000000400000-0x00000000004CC000-memory.dmp

    Filesize

    816KB

    Download